Amendments to the Claims:

This listing of claims will replace all prior versions and listings of claims in the 
application: 

CLAIMS 

1. (Currently amended) A server-based, computer implemented method for
detecting and neutralizing eliminating invalid server-supplied data received from clients
machines comprising the following steps performed following a server's [[the]] receipt of a
request for services from a client web browser which request is accompanied by at least one
identifier and associated server data placed on the client web machine via commands for the web
browser included in transport protocol response headers sent to the client by the server or by
related servers on earlier occasions, said method comprising:

scanning the server data which is received from the client web browser to
identify, as invalid data, any data that contains improper characters:

determining the [[an]] identifier associated with that accompanies any data
which is invalid; and

as part of a server response sent back to the client, web browser,
including in the response a command or commands that causes only the invalid
data, meaning character strings that include improper characters, identified by the
identifier [[,]] to be neutralized.

2. (Currently amended) A method in accordance with claim 1, wherein the method
is applied to the detection and neutralization of one or more cookies each associated with data
and an identifier and supplied by the server or by related servers to clients, said method further
comprising: web browsers and,

when the [[its]] data and name the identifier associated with such a cookie is later
returned by a particular client web browser to the server [[,]] and the data is found to contain
invalid data, then neutralizing and wherein only cookies associated with containing invalid data
[[,]] and identified by the associated identifier, name, are neutralized.

3. (Currently amended) A method in accordance with claim 1, wherein the server
data accompanying a request for services received from a client web browser contains one is
accompanied by two or more separate identifiers sets of data each including a name and [[a]]
associated data, value, and wherein the command or commands sent to the client as part of a
response to the client includes one or more commands each of which identifies by identifier the
associated name a set of data that contains invalid data which and that is to be neutralized,
whereby other sets of data associated with other identifiers and containing valid data are not
neutralized.

4. (Currently amended) A method in accordance with claim 1 [[3]], wherein 
neutralization is carried out by sending to a client a command that places on the client [[a]] new 
data [[set]] associated with an identifier found on the client associated with a name for a data 
[[set]] containing invalid data and a domain identifier of the server or of [[the]] related servers, 
the new data [[set]] containing a null data string no erroneous data, whereby the new data [[set]]
displaces the erroneous data [[set]] and thereby neutralizes the erroneous data [[set]]. 

5. (Currently amended) A method in accordance with claim 1, wherein server data 
placed on the [[a]] client machine via commands sent to the [[a]] client web browser includes an
expiration date, and wherein neutralization is accomplished by adjusting the expiration date to a
value valve that neutralizes the invalid data through expiration shortly after the commands are
received.

6. (Original) A method in accordance with claim 5, wherein the expiration date is 
set to zero. 

7. (Currently amended) A method in accordance with claim 5, wherein the
expiration date is set to a date equal to or earlier than the date when the one or more commands
are [[is]] sent back to the client.

8. (Currently amended) A method in accordance with claim 1, wherein the invalid
data comprises data all of whose characters value should correspond[[s]] to one or more
printable characters identification codes but some of whose characters which match characters
codes contained in a list of invalid characters, codes.

9. (Currently amended) A method in accordance with claim 1, wherein the data 
transfer protocol is HTTP or an equivalent protocol, the data received comprises one or more 
data sets preceded by a "Cookie:" command or its equivalent [[,]] and separated by semicolons 
semi colons or an some other equivalent separator and of the form "NAME = VALUE" or an
some equivalent form, and wherein the neutralization of such data is achieved by returning one
or more commands "Set-cookie:" or an [[its]] equivalent command, each such command
including at least a first expression that may be followed by one or more semicolons or
equivalent separators and additional expressions, separated by semi colons or some equivalent
separator, of the form "NAME= VALUE" or an [[its]] equivalent expression, where NAME is the
identifier name associated with invalid data and VALUE is valid data which may be no data.

10. (Currently amended) A method in accordance with claim 9, in which the
command "Set-cookie:" or its equivalent is also followed by an expression
"domain=DOMAIN_NAME" or an [[its]] equivalent expression, where DOMAIN_NAME
identifies the server or the group of related servers.

11. (Currently amended) A method in accordance with claim 10, in which the
command "Set-cookie:" or its equivalent is also followed by an expression "expires=DATE" or
an [[its]] equivalent expression, where DATE is a date value or its equivalent adjusted to
neutralize the invalid data values at [[by]] the client web browser.

12. (Original) A computer program containing instructions enabling it to cause a
server to carry out the method steps as in claim 1.

13. (Currently amended) A server-based system for detecting and neutralizing
eliminating invalid server-supplied data received back from clients web browsers comprising:

a server designed to communicate over a network with clients;

a client message receiver and transmitter on the server that is arranged to
receive and to process incoming client messages and to transmit return messages
back to clients;

a scanner that scans at least some requests for services messages flowing
into the server coming from clients over the network and including a detector that
can detect incoming identifiers and associated server data returned to the server
by the client and originally placed on supplied to the client on earlier occasions
by the server or by [[a]] related servers on earlier occasions;

a data integrity tester that tests the validity integrity of such incoming
server data by searching the data for improper characters; and

a message insertion command generator placed into operation when the
data integrity tester identifies invalid data, meaning data containing improper
characters, in such incoming server data that causes the server, message receiver
and transmitter, when transmitting a return message back to a client from which
invalid data was received, to include within the return message at least one or
more command[[s]] that causes the client to neutralize [[d]] the invalid data,
identified by the associated identifier, without neutralizing other valid data.

14. (Currently amended) A system in accordance with claim 13, wherein the system
is used applied to [[the]] detect[[ion]] and neutralize neutralization of one or more cookies
supplied by the server or related servers to clients on earlier occasions, said system further
comprising: web browsers and [[,]]

when the its data and identifier associated with a cookie are name is later returned to the
server by a particular client web browser to the server, and the data integrity tester identifies is
found to contain invalid data, and wherein only then the at least one command sent back to the
identifiers and containing invalid data. , identified by name, are neutralized.

15. (Currently amended) A system in accordance with claim 13, wherein the server
data accompanying a request for services received from a client is accompanied by two contains
one or more separate identifiers sets of data each including a name and associated [[a]] data,
value, and wherein, if data is found to be invalid, the command or commands sent to the client
by the message insertion command generator as part of a response to the client include[[s]] at
least one or more command[[s]] each of which identifies by identifier the associated name a set
of data that contains the invalid data which and that is to be neutralized, whereby other sets of
data associated with other identifiers and containing [[in]]valid data are not neutralized.

16. (Currently amended) A system in accordance with claim 13 [[15]], wherein 
neutralization is carried out by the message insertion command generator sending to a client a 
command that places on the client machine a new data [[set]] associated with an identifier found 
on the client associated with a name for the data [[set]] containing invalid data and a domain
identifier of the server or of related servers, the new data [[set]] containing a null data string no
erroneous data, whereby the new data [[set]] displaces the erroneous data [[set]] and thereby
neutralizes the erroneous data [[set]]. 

17. (Currently amended) A system in accordance with claim 13, wherein the server
data placed on the [[a]] client includes an expiration date, and wherein neutralization is
accomplished by commands that adjust[[ing]] the expiration date to a value valve that neutralizes
the invalid data through expiration shortly after the commands are received.

18. (Original) A system in accordance with claim 17, wherein the expiration date is
set to zero.

19. (Original) A system in accordance with claim 17, wherein the expiration date is
set to a date equal to or earlier than the date when the one or more commands are sent back to
the client.

20. (Currently amended) A system in accordance with claim 13, wherein the invalid 
data comprises data all of whose characters values should correspond[[s]] to one or more
printable characters identification codes but some of whose characters which match characters
codes contained in a list of invalid characters, codes.

21. (Currently amended) A system in accordance with claim 13, wherein the data 
transfer protocol is HTTP or an equivalent protocol, the data received comprises one or more 
data sets preceded by "Cookie:" or an equivalent command and separated by semicolons or an 
equivalent separator and of the form "NAME =VALUE" or an equivalent form, and wherein the 
neutralization of such data is achieved by returning one or more [[the]] commands "Set-cookie:" 
or an equivalent command, each such command including at least a first expression that may be
followed by one or more expressions separated by semicolons or an equivalent separator of the
form "NAME= VALUE" or an equivalent form where NAME is the identifier name associated
with invalid data and VALUE is valid data or no data. 

22. (Currently amended) A system in accordance with claim 21, in which the
command "Set-cookie:" or its equivalent is also followed by an expression 
"domain=DOMAIN_NAME" or an equivalent expression, where DOMAIN_NAME identifies 
the server or the [[group of]] related servers. 

23. (Currently amended) A system in accordance with claim 22, in which the
command "Set-cookie:" or its equivalent is also followed by an expression "expires=DATE" or
an equivalent expression [[,]] where DATE is a date value or its equivalent adjusted to neutralize
the invalid data value at the client.

24. (Currently amended) A system in accordance with claim 21, in which the
command "Set-cookie:" or its equivalent is also followed by an expression "expires=DATE" or
an equivalent expression where DATE is a date value or its equivalent adjusted to neutralize the
invalid data value at [[by]] the client browser.
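
The "Cookie:" / "Set-cookie:" mechanism recited in claims 9 to 11 and 21 to 24, sketched as an added Python example that is not part of the application. The function names, the sample header, the Path attribute and the reading of "improper characters" as anything outside the RFC 6265 cookie-octet set are assumptions made for illustration.

```python
import re
from email.utils import formatdate

# Assumption: "improper characters" = anything outside RFC 6265 cookie-octet
# (printable ASCII minus space, double quote, comma, semicolon, backslash).
_OCTETS = r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*"
_VALID_VALUE = re.compile(rf'(?:{_OCTETS}|"{_OCTETS}")')
# Cookie names must be HTTP tokens; anything else is never echoed back.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_cookie_header(header):
    """Split a Cookie: header into raw (NAME, VALUE) pairs, no decoding."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.partition("=")
        name, value = name.strip(" \t"), value.strip(" \t")
        if sep and name:
            pairs.append((name, value))
    return pairs

def find_invalid(header):
    """Names of cookies whose VALUE contains an improper character."""
    return [n for n, v in parse_cookie_header(header)
            if not _VALID_VALUE.fullmatch(v)]

def neutralizing_headers(header, domain, path="/"):
    """Set-Cookie values that blank and expire only the invalid cookies.

    Domain and Path must match those used when the cookie was set, or the
    browser stores a second cookie instead of displacing the bad one.
    """
    epoch = formatdate(0, usegmt=True)  # expiration date "set to zero"
    return [f"{name}=; Domain={domain}; Path={path}; Expires={epoch}; Max-Age=0"
            for name in find_invalid(header)
            if _TOKEN.fullmatch(name)]  # skip names unsafe to echo in a header

# Constructed sample request header: two clean cookies, two improper values.
SAMPLE = 'sid=abc123; pref="dark"; track=a\x01b; note=hello world'

if __name__ == "__main__":
    for line in neutralizing_headers(SAMPLE, "example.com"):
        print("Set-Cookie:", line)
```

Cookies with valid values (sid and pref in the sample) produce no Set-Cookie line, so they are left untouched on the client.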